In my continuing saga of playing around with IPv6, I’ve re-confirmed something I knew before…but in a manner that I wanted to see it work.
So I knew from the start that I could actually get to my machines via IPv6 from the outside world. I knew this doing things like traceroutes:
Hop number: 1 Roundtrip times: Timed out.
Hop number: 2 Roundtrip times: Timed out.
Hop number: 3 Roundtrip times: Timed out.
Hop number: 4 Roundtrip times: Timed out.
Hop number: 5 Connected to: et-0-0-43-3.cr2-was1.ip6.gtt.net ( 2001:668:0:3:ffff:0:adcd:27e5 ) Roundtrip times: 20.97 ms 21.007 ms 21.006 ms
Hop number: 6 Connected to: 2001:668:0:2:ffff:0:5995:b532 ( 2001:668:0:2:ffff:0:5995:b532 ) Roundtrip times: 1.791 ms 0.868 ms 0.864 ms
Hop number: 7 Roundtrip times: Timed out.
Hop number: 8 Connected to: tserv2.ash1.he.net ( 2001:470:0:90::2 ) Roundtrip times: 7.679 ms 7.476 ms 8.596 ms
Hop number: 9 Connected to: tunnel585849-pt.tunnel.tserv13.ash1.ipv6.he.net ( 2001:470:7:3c2::2 ) Roundtrip times: 13.394 ms 12.165 ms 9.681 ms
Hop number: 10 Connected to: backdoor.20014708.xyz ( 2001:470:8:3c3:888:1aff:fec0:829d ) Roundtrip times: 10.542 ms 9.642 ms 11.547 ms
Not to mention I was doing things on a machine that would show up when I ran a port-scan on my v6 address. But that’s not to say I had the full satisfaction of connecting to something over v6 and actually using it. So it’s time to talk about my backdoor. (Insert jokes here. Har-har. I really don’t give a shit enough to care what you think of a hastily named machine.)
Originally I set this machine up to perform two purposes: supply a “public” SAMBA share to my network that didn’t have me screwing up the Synology, and for sshfs running on a random non-standard port on the public v4 internet. But it also provided a way for me to ssh in to my systems from the outside, because it should be obvious I can just SSH to any other system once inside. But, once again, T-Mobile’s IPv6 native LTE network proved to be a problem; every tower handoff resulted in a drop of the SSH connection. So now it was time to do something similar to what I wanted to do years ago: use the IPv6 tunnel as a way of not breaking a connection to home all the time.
So I set up a DNS and rDNS entry, then spent a little while trying to remember how to syntax the ufw rule so it would route the SSH port for that v6 IP. I still don’t remember what it is…and apparently whatever I wrote on my previous IPv6 post wasn’t 100% right; next time I’ll try to post exactly what worked for me. But the point is after 15 minutes of typing commands and dealing with constant tower handoff disconnects, this is now a ufw rule:
2001:470:8:3c3:888:1aff:fec0:829d 1337 ALLOW FWD Anywhere (v6)
It worked! I was able to log in to my machine’s SSH, and best of all, NO DISCONNECTS! I rode a good 40 miles and the connection held through multiple tower handoffs.
Last login: Wed Jun 17 10:52:44 2020 from 2607:fb90:18dc:4a91:aee8:37bb:7c89:eebb
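The forward rule shown above has "Anywhere (v6)" as its source, and with globally routed IPv6 there is no NAT in front of the host, so that port is reachable from the whole v6 internet. As an added example (not the author's code), this sketch audits `ufw status` output for routed ALLOW rules that are open to any source and point at a global address; the function names are hypothetical, and every sample line except the rule quoted in the post is constructed.

```python
import ipaddress
import re

# Action column of `ufw status`: verb plus optional direction (FWD = routed rule).
RULE_RE = re.compile(
    r"^(?P<to>.+?)\s+(?P<action>ALLOW|DENY|REJECT|LIMIT)"
    r"(?:\s+(?P<dir>IN|OUT|FWD))?\s+(?P<src>.+)$"
)

# Constructed sample; only the first rule line is taken from the post.
SAMPLE_STATUS = """\
To Action From
-- ------ ----
2001:470:8:3c3:888:1aff:fec0:829d 1337 ALLOW FWD Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
fd00::10 22 ALLOW FWD Anywhere (v6)
2001:470:8:3c3::20 443 ALLOW FWD 2001:db8:1::/48
"""

def parse_rule(line):
    """Split one `ufw status` rule line into its To / Action / From parts."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None  # header, separator or status line
    to = re.sub(r"\s*\(v6\)$", "", m["to"]).split()
    try:
        host = ipaddress.ip_address(to[0])
        port = to[1] if len(to) > 1 else None
    except ValueError:
        host, port = None, to[0]  # rule names only a port, e.g. "22/tcp"
    return {"host": host, "port": port, "action": m["action"],
            "direction": m["dir"] or "IN", "source": m["src"].strip()}

def exposed_forwards(status_text):
    """Return (host, port) for routed ALLOW rules open to any source."""
    hits = []
    for line in status_text.splitlines():
        rule = parse_rule(line)
        if (rule and rule["action"] == "ALLOW" and rule["direction"] == "FWD"
                and rule["source"].startswith("Anywhere")
                and rule["host"] is not None and rule["host"].is_global):
            hits.append((str(rule["host"]), rule["port"]))
    return hits

if __name__ == "__main__":
    for host, port in exposed_forwards(SAMPLE_STATUS):
        print(f"world-reachable forward: [{host}]:{port}")
```

Only the first sample rule is reported: the unique-local target is not globally routed, and the last rule is limited to a source prefix.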